package com.sharer.last.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * 文件注释地方
 *
 * @ClassName AdminResourceServerConfig
 * @Author WangJin
 * @Date 2023/05/17/16:40
 * @Description
 * @Version 1.0
 */
//@Configuration
//@EnableResourceServer// 启动资源服务器
public class AdminResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId("admin_resource");
        // 如果关闭 stateless，则 accessToken 使用时的 session id 会被记录，后续请求不携带 accessToken 也可以正常响应
        // 无状态
        resources.stateless(true);
        // 设置token存储
//        resources.tokenStore(tokenStore1());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .requestMatchers().antMatchers("/inner_api/admin/**").and()//限制资源服只接管/r/**相匹配的资源
                .formLogin().permitAll().and()
                .authorizeRequests()//授权的请求
                .antMatchers("/inner_api/admin/**").hasRole("admin")
                .anyRequest()//任何请求
                .authenticated()//需要身份认证
                .and().csrf().disable();
    }
}
